mirror of git://anongit.mindrot.org/openssh.git
upstream: in _ssh_order_hostkeyalgs() consider ECDSA curve type when
arranging the hostkey algorithms. AFAIK this code is unused in OpenSSH, but I guess others are using it based on GHPR387 from Pawel Jakub Dawidek OpenBSD-Commit-ID: 4d462495ac0c40f7b7dd66178e0005b9b2128225
This commit is contained in:
parent
d01ee7a88c
commit
0a1e75499e
25
ssh_api.c
25
ssh_api.c
|
@ -1,4 +1,4 @@
|
||||||
/* $OpenBSD: ssh_api.c,v 1.31 2024/09/09 02:39:57 djm Exp $ */
|
/* $OpenBSD: ssh_api.c,v 1.32 2024/10/18 05:14:51 djm Exp $ */
|
||||||
/*
|
/*
|
||||||
* Copyright (c) 2012 Markus Friedl. All rights reserved.
|
* Copyright (c) 2012 Markus Friedl. All rights reserved.
|
||||||
*
|
*
|
||||||
|
@ -532,7 +532,7 @@ _ssh_order_hostkeyalgs(struct ssh *ssh)
|
||||||
char *orig, *avail, *oavail = NULL, *alg, *replace = NULL;
|
char *orig, *avail, *oavail = NULL, *alg, *replace = NULL;
|
||||||
char **proposal;
|
char **proposal;
|
||||||
size_t maxlen;
|
size_t maxlen;
|
||||||
int ktype, r;
|
int ktype, nid, r;
|
||||||
|
|
||||||
/* XXX we de-serialize ssh->kex->my, modify it, and change it */
|
/* XXX we de-serialize ssh->kex->my, modify it, and change it */
|
||||||
if ((r = kex_buf2prop(ssh->kex->my, NULL, &proposal)) != 0)
|
if ((r = kex_buf2prop(ssh->kex->my, NULL, &proposal)) != 0)
|
||||||
|
@ -551,15 +551,20 @@ _ssh_order_hostkeyalgs(struct ssh *ssh)
|
||||||
while ((alg = strsep(&avail, ",")) && *alg != '\0') {
|
while ((alg = strsep(&avail, ",")) && *alg != '\0') {
|
||||||
if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
|
if ((ktype = sshkey_type_from_name(alg)) == KEY_UNSPEC)
|
||||||
continue;
|
continue;
|
||||||
|
nid = sshkey_ecdsa_nid_from_name(alg);
|
||||||
TAILQ_FOREACH(k, &ssh->public_keys, next) {
|
TAILQ_FOREACH(k, &ssh->public_keys, next) {
|
||||||
if (k->key->type == ktype ||
|
if (k->key->type != ktype &&
|
||||||
(sshkey_is_cert(k->key) && k->key->type ==
|
(!sshkey_is_cert(k->key) ||
|
||||||
sshkey_type_plain(ktype))) {
|
k->key->type != sshkey_type_plain(ktype)))
|
||||||
if (*replace != '\0')
|
continue;
|
||||||
strlcat(replace, ",", maxlen);
|
if (sshkey_type_plain(k->key->type) == KEY_ECDSA &&
|
||||||
strlcat(replace, alg, maxlen);
|
k->key->ecdsa_nid != nid)
|
||||||
break;
|
continue;
|
||||||
}
|
/* Candidate */
|
||||||
|
if (*replace != '\0')
|
||||||
|
strlcat(replace, ",", maxlen);
|
||||||
|
strlcat(replace, alg, maxlen);
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (*replace != '\0') {
|
if (*replace != '\0') {
|
||||||
|
|
Loading…
Reference in New Issue